feat: Typed Data Access & Disambiguation Policy — ontology enforcement across Stackbilt repos #69
Description
Motivation
Three related concepts are floating independently across the ecosystem:
- CodeBeast DATA_AUTHORITY sensitivity class (codebeast#9) — auditing raw D1 usage across repos
- AEGIS disambiguation firewall (aegis#344) — halting on undefined data concepts instead of guessing
- Ontology enforcement — ensuring all repos use canonical business term definitions
These need a unified policy layer, owned by Charter as the governance tool.
Proposal
Define a typed-data-access policy in Charter that:
1. Canonical Term Registry
- Define business terms (tenant, user, subscription, credit, tier) with types and ownership
- Each term maps to a source-of-truth service (e.g.,
tenant→ stackbilt-auth,credit→ QuotaService) - Terms are versioned and enforced at commit-time via Charter governance hooks
2. DATA_AUTHORITY Sensitivity Class
- Tag data access patterns by sensitivity:
public,internal,auth_scoped,billing_sensitive - CodeBeast enforces: raw D1 queries touching
auth_scopeddata must go through the owning service's RPC - Violations flagged as issues with remediation guidance
3. Disambiguation Protocol
- When AEGIS encounters an undefined data concept, it MUST halt and ask rather than guess
- Undefined = not in the canonical term registry
- Applies to: task execution, self-improvement proposals, autonomous goal work
Implementation
- Add
typed-data-access.adfpolicy module to Charter - Define term registry schema (YAML/JSON in
.ai/per repo) - Add Charter governance check: new code referencing unregistered terms → warning
- Wire CodeBeast sensitivity scan to use the registry
- Wire AEGIS disambiguation firewall to check terms against registry
Related
- codebeast#9 — DATA_AUTHORITY sensitivity class
- aegis#344 — disambiguation firewall
- aegis#334 — adversarial reasoning (complementary quality layer)